From: Ton Voon Date: Wed, 21 Sep 2005 10:06:37 +0000 (+0000) Subject: Separation of root setuid plugins into plugins-root/ X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=fb1936ca4f9ed6aef99fab9f41f806b79b0a533f;p=nagiosplug.git Separation of root setuid plugins into plugins-root/ git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1233 f882894a-f735-0410-b71e-b25c423dba1c --- diff --git a/ACKNOWLEDGEMENTS b/ACKNOWLEDGEMENTS index 7eea869..bd0b1a9 100644 --- a/ACKNOWLEDGEMENTS +++ b/ACKNOWLEDGEMENTS @@ -25,5 +25,5 @@ Use of duplication of macros in m4/np_curl.m4 Coreutils team Copyright (C) 91, 1995-2004 Free Software Foundation, Inc. http://www.gnu.org/software/coreutils/ -Use of macros and lib files in m4/np_coreutils.m4 and lib/ +Use of macros and lib files in m4/np_coreutils.m4 and lib/. Setuid installs in plugins-root diff --git a/CHANGES b/CHANGES index c73769c..4b8ca30 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,11 @@ This file documents the major additions and syntax changes between releases. +1.4.3 + Setuid plugins (check_dhcp, check_icmp) separated into plugins-root/. Run make install as root to install + +1.4.2 + Fix for Redhat ES4 for check_dns and check_dig + 1.4 IPv6 support in check_ping, check_by_ssh, check_http, check_ldap, check_smtp, check_tcp Internationalisation support diff --git a/Makefile.am b/Makefile.am index cc46a46..e89e4b0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in -SUBDIRS = intl lib plugins plugins-scripts m4 po +SUBDIRS = intl lib plugins plugins-scripts plugins-root m4 po EXTRA_DIST = config.rpath \ ABOUT-NLS ACKNOWLEDGEMENTS AUTHORS BUGS CHANGES CODING FAQ LEGAL \ @@ -16,6 +16,9 @@ DEFS = -DLOCALEDIR=\"$(localedir)\" dist-hook: make THANKS nagios-plugins.spec pkg/fedora/nagios-plugins.spec +install-root: + cd plugins-root && $(MAKE) $@ + test: cd plugins; $(MAKE) test cd plugins-scripts; $(MAKE) test diff --git a/README b/README index 5f305b9..eb0ec4f 100644 --- a/README +++ b/README @@ -85,8 +85,13 @@ Nagios Plugins Quick-and-Dirty Installation Instructions 'libexec/' subdirectory in the base directory you specified with the --prefix argument to the configure script. +4) There are some plugins that require setuid. If you run make install as + a non root user, they will not be installed. To install, switch to root and + run: -4) Verify that your host configuration file (hosts.cfg) for Nagios contains + make install-root + +5) Verify that your host configuration file (hosts.cfg) for Nagios contains the correct paths to the new plugins. diff --git a/configure.in b/configure.in index 053f849..ee5fb90 100644 --- a/configure.in +++ b/configure.in @@ -1546,6 +1546,7 @@ AC_OUTPUT( lib/Makefile m4/Makefile plugins/Makefile + plugins-root/Makefile plugins-scripts/Makefile plugins-scripts/subst plugins-scripts/utils.pm diff --git a/plugins-root/.cvsignore b/plugins-root/.cvsignore new file mode 100644 index 0000000..e3a6259 --- /dev/null +++ b/plugins-root/.cvsignore @@ -0,0 +1,5 @@ +.deps +Makefile.in +Makefile +check_dhcp +check_icmp diff --git a/plugins-root/Makefile.am b/plugins-root/Makefile.am new file mode 100644 index 0000000..aae9adb --- /dev/null +++ b/plugins-root/Makefile.am @@ -0,0 +1,74 @@ +## Process this file with automake to produce Makefile.in + +VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t + +INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl -I$(top_srcdir)/plugins + +datadir = @datadir@ +localedir = $(datadir)/locale +DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ +LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@ + +EXTRA_PROGRAMS = check_dhcp check_icmp + +BASEOBJS = ../plugins/utils.o ../lib/libnagiosplug.a ../lib/libcoreutils.a +NETOBJS = ../plugins/netutils.o $(BASEOBJS) $(EXTRA_NETOBJS) +NETLIBS = $(NETOBJS) $(SOCKETLIBS) + +TESTS_ENVIRONMENT = perl -I $(top_builddir) -I $(top_srcdir) + +TESTS = @PLUGIN_TEST@ + +test: + perl -I $(top_builddir) -I $(top_srcdir) ../test.pl + +all-local: $(EXTRA_PROGRAMS) + +setuid_root_mode = 4550 + +group = nagios + +# /* Author Coreutils team - see ACKNOWLEDGEMENTS */ + +INSTALL_SUID = \ + for f in $(EXTRA_PROGRAMS) ; do \ + p=$$f; \ + echo " $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p"; \ + $(INSTALL_PROGRAM) $$p $(DESTDIR)$(libexecdir)/$$p; \ + echo " chown root $(DESTDIR)$(libexecdir)/$$p"; \ + chown root $(DESTDIR)$(libexecdir)/$$p; \ + echo " chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p"; \ + chmod $(setuid_root_mode) $(DESTDIR)$(libexecdir)/$$p; \ + done + +install-root: $(EXTRA_PROGRAMS) + @$(INSTALL_SUID) + +install-exec-local: $(EXTRA_PROGRAMS) + @TMPFILE=$(DESTDIR)$(libexecdir)/.setuid-$$$$; \ + rm -f $$TMPFILE; \ + echo > $$TMPFILE; \ + ## See if we can create a setuid root executable in $(libexecdir). + ## If not, then don't even try to install setuid plugins. + can_create_suid_root_executable=no; \ + chown root $$TMPFILE > /dev/null 2>&1 \ + && chmod $(setuid_root_mode) $$TMPFILE > /dev/null 2>&1 \ + && can_create_suid_root_executable=yes; \ + rm -f $$TMPFILE; \ + if test $$can_create_suid_root_executable = yes; then \ + $(INSTALL_SUID); \ + else \ + echo "WARNING: insufficient access; not installing setuid plugins"; \ + echo "NOTE: to install setuid plugins, run 'make install-root' as root"; \ + fi + +# /* Author Coreutils team sub-citation */ + +############################################################################## +# the actual targets +check_dhcp_LDADD = $(NETLIBS) +check_icmp_LDADD = $(SOCKETLIBS) + +check_dhcp_DEPENDENCIES = check_dhcp.c $(NETOBJS) $(DEPLIBS) +check_icmp_DEPENDENCIES = check_icmp.c + diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c new file mode 100644 index 0000000..a3e0c53 --- /dev/null +++ b/plugins-root/check_dhcp.c @@ -0,0 +1,1261 @@ +/****************************************************************************** +* +* CHECK_DHCP.C +* +* Program: DHCP plugin for Nagios +* License: GPL +* Copyright (c) 2001-2004 Ethan Galstad (nagios@nagios.org) +* +* License Information: +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +* +* $Id$ +* +*****************************************************************************/ + +const char *progname = "check_dhcp"; +const char *revision = "$Revision$"; +const char *copyright = "2001-2004"; +const char *email = "nagiosplug-devel@lists.sourceforge.net"; + +#include "common.h" +#include "netutils.h" +#include "utils.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined( __linux__ ) + +#include +#include + +#elif defined (__bsd__) + +#include +#include +#include + +#elif defined(__sun__) || defined(__solaris__) || defined(__hpux__) + +#define INSAP 22 +#define OUTSAP 24 + +#include +#include +#include +#include +#include + +#define bcopy(source, destination, length) memcpy(destination, source, length) + +#define AREA_SZ 5000 /* buffer length in bytes */ +static u_long ctl_area[AREA_SZ]; +static u_long dat_area[AREA_SZ]; +static struct strbuf ctl = {AREA_SZ, 0, (char *)ctl_area}; +static struct strbuf dat = {AREA_SZ, 0, (char *)dat_area}; + +#define GOT_CTRL 1 +#define GOT_DATA 2 +#define GOT_BOTH 3 +#define GOT_INTR 4 +#define GOT_ERR 128 + +#define u_int8_t uint8_t +#define u_int16_t uint16_t +#define u_int32_t uint32_t + +static int get_msg(int); +static int check_ctrl(int); +static int put_ctrl(int, int, int); +static int put_both(int, int, int, int); +static int dl_open(const char *, int, int *); +static int dl_bind(int, int, u_char *); +long mac_addr_dlpi( const char *, int, u_char *); + +#endif + +#define HAVE_GETOPT_H + + +/**** Common definitions ****/ + +#define STATE_OK 0 +#define STATE_WARNING 1 +#define STATE_CRITICAL 2 +#define STATE_UNKNOWN -1 + +#define OK 0 +#define ERROR -1 + +#define FALSE 0 +#define TRUE 1 + + +/**** DHCP definitions ****/ + +#define MAX_DHCP_CHADDR_LENGTH 16 +#define MAX_DHCP_SNAME_LENGTH 64 +#define MAX_DHCP_FILE_LENGTH 128 +#define MAX_DHCP_OPTIONS_LENGTH 312 + + +typedef struct dhcp_packet_struct{ + u_int8_t op; /* packet type */ + u_int8_t htype; /* type of hardware address for this machine (Ethernet, etc) */ + u_int8_t hlen; /* length of hardware address (of this machine) */ + u_int8_t hops; /* hops */ + u_int32_t xid; /* random transaction id number - chosen by this machine */ + u_int16_t secs; /* seconds used in timing */ + u_int16_t flags; /* flags */ + struct in_addr ciaddr; /* IP address of this machine (if we already have one) */ + struct in_addr yiaddr; /* IP address of this machine (offered by the DHCP server) */ + struct in_addr siaddr; /* IP address of DHCP server */ + struct in_addr giaddr; /* IP address of DHCP relay */ + unsigned char chaddr [MAX_DHCP_CHADDR_LENGTH]; /* hardware address of this machine */ + char sname [MAX_DHCP_SNAME_LENGTH]; /* name of DHCP server */ + char file [MAX_DHCP_FILE_LENGTH]; /* boot file name (used for diskless booting?) */ + char options[MAX_DHCP_OPTIONS_LENGTH]; /* options */ + }dhcp_packet; + + +typedef struct dhcp_offer_struct{ + struct in_addr server_address; /* address of DHCP server that sent this offer */ + struct in_addr offered_address; /* the IP address that was offered to us */ + u_int32_t lease_time; /* lease time in seconds */ + u_int32_t renewal_time; /* renewal time in seconds */ + u_int32_t rebinding_time; /* rebinding time in seconds */ + struct dhcp_offer_struct *next; + }dhcp_offer; + + +typedef struct requested_server_struct{ + struct in_addr server_address; + struct requested_server_struct *next; + }requested_server; + + +#define BOOTREQUEST 1 +#define BOOTREPLY 2 + +#define DHCPDISCOVER 1 +#define DHCPOFFER 2 +#define DHCPREQUEST 3 +#define DHCPDECLINE 4 +#define DHCPACK 5 +#define DHCPNACK 6 +#define DHCPRELEASE 7 + +#define DHCP_OPTION_MESSAGE_TYPE 53 +#define DHCP_OPTION_HOST_NAME 12 +#define DHCP_OPTION_BROADCAST_ADDRESS 28 +#define DHCP_OPTION_REQUESTED_ADDRESS 50 +#define DHCP_OPTION_LEASE_TIME 51 +#define DHCP_OPTION_RENEWAL_TIME 58 +#define DHCP_OPTION_REBINDING_TIME 59 + +#define DHCP_INFINITE_TIME 0xFFFFFFFF + +#define DHCP_BROADCAST_FLAG 32768 + +#define DHCP_SERVER_PORT 67 +#define DHCP_CLIENT_PORT 68 + +#define ETHERNET_HARDWARE_ADDRESS 1 /* used in htype field of dhcp packet */ +#define ETHERNET_HARDWARE_ADDRESS_LENGTH 6 /* length of Ethernet hardware addresses */ + +unsigned char client_hardware_address[MAX_DHCP_CHADDR_LENGTH]=""; + +char network_interface_name[8]="eth0"; + +u_int32_t packet_xid=0; + +u_int32_t dhcp_lease_time=0; +u_int32_t dhcp_renewal_time=0; +u_int32_t dhcp_rebinding_time=0; + +int dhcpoffer_timeout=2; + +dhcp_offer *dhcp_offer_list=NULL; +requested_server *requested_server_list=NULL; + +int valid_responses=0; /* number of valid DHCPOFFERs we received */ +int requested_servers=0; +int requested_responses=0; + +int request_specific_address=FALSE; +int received_requested_address=FALSE; +int verbose=0; +struct in_addr requested_address; + + +int process_arguments(int, char **); +int call_getopt(int, char **); +int validate_arguments(void); +void print_usage(void); +void print_help(void); + +int get_hardware_address(int,char *); + +int send_dhcp_discover(int); +int get_dhcp_offer(int); + +int get_results(void); + +int add_dhcp_offer(struct in_addr,dhcp_packet *); +int free_dhcp_offer_list(void); +int free_requested_server_list(void); + +int create_dhcp_socket(void); +int close_dhcp_socket(int); +int send_dhcp_packet(void *,int,int,struct sockaddr_in *); +int receive_dhcp_packet(void *,int,int,int,struct sockaddr_in *); + + + +int main(int argc, char **argv){ + int dhcp_socket; + int result; + + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); + + if(process_arguments(argc,argv)!=OK){ + usage4 (_("Could not parse arguments")); + } + + /* create socket for DHCP communications */ + dhcp_socket=create_dhcp_socket(); + + /* get hardware address of client machine */ + get_hardware_address(dhcp_socket,network_interface_name); + + /* send DHCPDISCOVER packet */ + send_dhcp_discover(dhcp_socket); + + /* wait for a DHCPOFFER packet */ + get_dhcp_offer(dhcp_socket); + + /* close socket we created */ + close_dhcp_socket(dhcp_socket); + + /* determine state/plugin output to return */ + result=get_results(); + + /* free allocated memory */ + free_dhcp_offer_list(); + free_requested_server_list(); + + return result; + } + + + +/* determines hardware address on client machine */ +int get_hardware_address(int sock,char *interface_name){ + + int i; + +#if defined(__linux__) + struct ifreq ifr; + + strncpy((char *)&ifr.ifr_name,interface_name,sizeof(ifr.ifr_name)); + + /* try and grab hardware address of requested interface */ + if(ioctl(sock,SIOCGIFHWADDR,&ifr)<0){ + printf(_("Error: Could not get hardware address of interface '%s'\n"),interface_name); + exit(STATE_UNKNOWN); + } + + memcpy(&client_hardware_address[0],&ifr.ifr_hwaddr.sa_data,6); + +#elif defined(__bsd__) + /* King 2004 see ACKNOWLEDGEMENTS */ + + int mib[6], len; + char *buf; + unsigned char *ptr; + struct if_msghdr *ifm; + struct sockaddr_dl *sdl; + + mib[0] = CTL_NET; + mib[1] = AF_ROUTE; + mib[2] = 0; + mib[3] = AF_LINK; + mib[4] = NET_RT_IFLIST; + + if ((mib[5] = if_nametoindex(interface_name)) == 0) { + printf(_("Error: if_nametoindex error - %s.\n"), strerror(errno)); + exit(STATE_UNKNOWN); + } + + if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) { + printf(_("Error: Couldn't get hardware address from %s. sysctl 1 error - %s.\n"), interface_name, strerror(errno)); + exit(STATE_UNKNOWN); + } + + if ((buf = malloc(len)) == NULL) { + printf(_("Error: Couldn't get hardware address from interface %s. malloc error - %s.\n"), interface_name, strerror(errno)); + exit(4); + } + + if (sysctl(mib, 6, buf, &len, NULL, 0) < 0) { + printf(_("Error: Couldn't get hardware address from %s. sysctl 2 error - %s.\n"), interface_name, strerror(errno)); + exit(STATE_UNKNOWN); + } + + ifm = (struct if_msghdr *)buf; + sdl = (struct sockaddr_dl *)(ifm + 1); + ptr = (unsigned char *)LLADDR(sdl); + memcpy(&client_hardware_address[0], ptr, 6) ; + /* King 2004 */ + +#elif defined(__sun__) || defined(__solaris__) + + /* Kompf 2000-2003 see ACKNOWLEDGEMENTS */ + long stat; + char dev[20] = "/dev/"; + char *p; + int unit; + + for (p = interface_name; *p && isalpha(*p); p++) + /* no-op */ ; + if ( p != '\0' ) { + unit = atoi(p) ; + *p = '\0' ; + strncat(dev, interface_name, 6) ; + } else { + printf(_("Error: can't find unit number in interface_name (%s) - expecting TypeNumber eg lnc0.\n"), interface_name); + exit(STATE_UNKNOWN); + } + stat = mac_addr_dlpi(dev, unit, client_hardware_address); + if (stat != 0) { + printf(_("Error: can't read MAC address from DLPI streams interface for device %s unit %d.\n"), dev, unit); + exit(STATE_UNKNOWN); + } + +#elif defined(__hpux__) + + long stat; + char dev[20] = "/dev/dlpi" ; + int unit = 0; + + stat = mac_addr_dlpi(dev, unit, client_hardware_address); + if (stat != 0) { + printf(_("Error: can't read MAC address from DLPI streams interface for device %s unit %d.\n"), dev, unit); + exit(STATE_UNKNOWN); + } + /* Kompf 2000-2003 */ + +#else + printf(_("Error: can't get MAC address for this architecture.\n")); + exit(STATE_UNKNOWN); +#endif + + if (verbose) { + printf(_("Hardware address: ")); + for (i=0; i<6; ++i) + printf("%2.2x", client_hardware_address[i]); + printf( "\n"); + } + + return OK; + } + + +/* sends a DHCPDISCOVER broadcast message in an attempt to find DHCP servers */ +int send_dhcp_discover(int sock){ + dhcp_packet discover_packet; + struct sockaddr_in sockaddr_broadcast; + + + /* clear the packet data structure */ + bzero(&discover_packet,sizeof(discover_packet)); + + + /* boot request flag (backward compatible with BOOTP servers) */ + discover_packet.op=BOOTREQUEST; + + /* hardware address type */ + discover_packet.htype=ETHERNET_HARDWARE_ADDRESS; + + /* length of our hardware address */ + discover_packet.hlen=ETHERNET_HARDWARE_ADDRESS_LENGTH; + + discover_packet.hops=0; + + /* transaction id is supposed to be random */ + srand(time(NULL)); + packet_xid=random(); + discover_packet.xid=htonl(packet_xid); + + /**** WHAT THE HECK IS UP WITH THIS?!? IF I DON'T MAKE THIS CALL, ONLY ONE SERVER RESPONSE IS PROCESSED!!!! ****/ + /* downright bizzarre... */ + ntohl(discover_packet.xid); + + /*discover_packet.secs=htons(65535);*/ + discover_packet.secs=0xFF; + + /* tell server it should broadcast its response */ + discover_packet.flags=htons(DHCP_BROADCAST_FLAG); + + /* our hardware address */ + memcpy(discover_packet.chaddr,client_hardware_address,ETHERNET_HARDWARE_ADDRESS_LENGTH); + + /* first four bytes of options field is magic cookie (as per RFC 2132) */ + discover_packet.options[0]='\x63'; + discover_packet.options[1]='\x82'; + discover_packet.options[2]='\x53'; + discover_packet.options[3]='\x63'; + + /* DHCP message type is embedded in options field */ + discover_packet.options[4]=DHCP_OPTION_MESSAGE_TYPE; /* DHCP message type option identifier */ + discover_packet.options[5]='\x01'; /* DHCP message option length in bytes */ + discover_packet.options[6]=DHCPDISCOVER; + + /* the IP address we're requesting */ + if(request_specific_address==TRUE){ + discover_packet.options[7]=DHCP_OPTION_REQUESTED_ADDRESS; + discover_packet.options[8]='\x04'; + memcpy(&discover_packet.options[9],&requested_address,sizeof(requested_address)); + } + + /* send the DHCPDISCOVER packet to broadcast address */ + sockaddr_broadcast.sin_family=AF_INET; + sockaddr_broadcast.sin_port=htons(DHCP_SERVER_PORT); + sockaddr_broadcast.sin_addr.s_addr=INADDR_BROADCAST; + bzero(&sockaddr_broadcast.sin_zero,sizeof(sockaddr_broadcast.sin_zero)); + + + if (verbose) { + printf(_("DHCPDISCOVER to %s port %d\n"),inet_ntoa(sockaddr_broadcast.sin_addr),ntohs(sockaddr_broadcast.sin_port)); + printf("DHCPDISCOVER XID: %lu (0x%X)\n",ntohl(discover_packet.xid),ntohl(discover_packet.xid)); + printf("DHCDISCOVER ciaddr: %s\n",inet_ntoa(discover_packet.ciaddr)); + printf("DHCDISCOVER yiaddr: %s\n",inet_ntoa(discover_packet.yiaddr)); + printf("DHCDISCOVER siaddr: %s\n",inet_ntoa(discover_packet.siaddr)); + printf("DHCDISCOVER giaddr: %s\n",inet_ntoa(discover_packet.giaddr)); + } + + /* send the DHCPDISCOVER packet out */ + send_dhcp_packet(&discover_packet,sizeof(discover_packet),sock,&sockaddr_broadcast); + + if (verbose) + printf("\n\n"); + + return OK; + } + + + + +/* waits for a DHCPOFFER message from one or more DHCP servers */ +int get_dhcp_offer(int sock){ + dhcp_packet offer_packet; + struct sockaddr_in source; + int result=OK; + int timeout=1; + int responses=0; + int x; + time_t start_time; + time_t current_time; + + time(&start_time); + + /* receive as many responses as we can */ + for(responses=0,valid_responses=0;;){ + + time(¤t_time); + if((current_time-start_time)>=dhcpoffer_timeout) + break; + + if (verbose) + printf("\n\n"); + + bzero(&source,sizeof(source)); + bzero(&offer_packet,sizeof(offer_packet)); + + result=OK; + result=receive_dhcp_packet(&offer_packet,sizeof(offer_packet),sock,dhcpoffer_timeout,&source); + + if(result!=OK){ + if (verbose) + printf(_("Result=ERROR\n")); + + continue; + } + else{ + if (verbose) + printf(_("Result=OK\n")); + + responses++; + } + + if (verbose) { + printf(_("DHCPOFFER from IP address %s\n"),inet_ntoa(source.sin_addr)); + printf("DHCPOFFER XID: %lu (0x%X)\n",ntohl(offer_packet.xid),ntohl(offer_packet.xid)); + } + + /* check packet xid to see if its the same as the one we used in the discover packet */ + if(ntohl(offer_packet.xid)!=packet_xid){ + if (verbose) + printf(_("DHCPOFFER XID (%lu) did not match DHCPDISCOVER XID (%lu) - ignoring packet\n"),ntohl(offer_packet.xid),packet_xid); + + continue; + } + + /* check hardware address */ + result=OK; + if (verbose) + printf("DHCPOFFER chaddr: "); + + for(x=0;x %s\n",errno,strerror(errno)); + } + return ERROR; + } + else{ + if (verbose) { + printf(_("receive_dhcp_packet() result: %d\n"),recv_result); + printf(_("receive_dhcp_packet() source: %s\n"),inet_ntoa(source_address.sin_addr)); + } + + memcpy(address,&source_address,sizeof(source_address)); + return OK; + } + } + + return OK; + } + + +/* creates a socket for DHCP communication */ +int create_dhcp_socket(void){ + struct sockaddr_in myname; + struct ifreq interface; + int sock; + int flag=1; + + /* Set up the address we're going to bind to. */ + bzero(&myname,sizeof(myname)); + myname.sin_family=AF_INET; + myname.sin_port=htons(DHCP_CLIENT_PORT); + myname.sin_addr.s_addr=INADDR_ANY; /* listen on any address */ + bzero(&myname.sin_zero,sizeof(myname.sin_zero)); + + /* create a socket for DHCP communications */ + sock=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); + if(sock<0){ + printf(_("Error: Could not create socket!\n")); + exit(STATE_UNKNOWN); + } + + if (verbose) + printf("DHCP socket: %d\n",sock); + + /* set the reuse address flag so we don't get errors when restarting */ + flag=1; + if(setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,(char *)&flag,sizeof(flag))<0){ + printf(_("Error: Could not set reuse address option on DHCP socket!\n")); + exit(STATE_UNKNOWN); + } + + /* set the broadcast option - we need this to listen to DHCP broadcast messages */ + if(setsockopt(sock,SOL_SOCKET,SO_BROADCAST,(char *)&flag,sizeof flag)<0){ + printf(_("Error: Could not set broadcast option on DHCP socket!\n")); + exit(STATE_UNKNOWN); + } + + /* bind socket to interface */ +#if defined(__linux__) + strncpy(interface.ifr_ifrn.ifrn_name,network_interface_name,IFNAMSIZ); + if(setsockopt(sock,SOL_SOCKET,SO_BINDTODEVICE,(char *)&interface,sizeof(interface))<0){ + printf(_("Error: Could not bind socket to interface %s. Check your privileges...\n"),network_interface_name); + exit(STATE_UNKNOWN); + } + +#else + strncpy(interface.ifr_name,network_interface_name,IFNAMSIZ); +#endif + + /* bind the socket */ + if(bind(sock,(struct sockaddr *)&myname,sizeof(myname))<0){ + printf(_("Error: Could not bind to DHCP socket (port %d)! Check your privileges...\n"),DHCP_CLIENT_PORT); + exit(STATE_UNKNOWN); + } + + return sock; + } + + +/* closes DHCP socket */ +int close_dhcp_socket(int sock){ + + close(sock); + + return OK; + } + + +/* adds a requested server address to list in memory */ +int add_requested_server(struct in_addr server_address){ + requested_server *new_server; + + new_server=(requested_server *)malloc(sizeof(requested_server)); + if(new_server==NULL) + return ERROR; + + new_server->server_address=server_address; + + new_server->next=requested_server_list; + requested_server_list=new_server; + + requested_servers++; + + if (verbose) + printf(_("Requested server address: %s\n"),inet_ntoa(new_server->server_address)); + + return OK; + } + + + + +/* adds a DHCP OFFER to list in memory */ +int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){ + dhcp_offer *new_offer; + int x; + int y; + unsigned option_type; + unsigned option_length; + + if(offer_packet==NULL) + return ERROR; + + /* process all DHCP options present in the packet */ + for(x=4;xoptions[x]==-1 || (int)offer_packet->options[x]==0) + break; + + /* get option type */ + option_type=offer_packet->options[x++]; + + /* get option length */ + option_length=offer_packet->options[x++]; + + if (verbose) + printf("Option: %d (0x%02X)\n",option_type,option_length); + + /* get option data */ + if(option_type==DHCP_OPTION_LEASE_TIME) { + memcpy(&dhcp_lease_time, &offer_packet->options[x], + sizeof(dhcp_lease_time)); + dhcp_lease_time = ntohl(dhcp_lease_time); + } + if(option_type==DHCP_OPTION_RENEWAL_TIME) { + memcpy(&dhcp_renewal_time, &offer_packet->options[x], + sizeof(dhcp_renewal_time)); + dhcp_renewal_time = ntohl(dhcp_renewal_time); + } + if(option_type==DHCP_OPTION_REBINDING_TIME) { + memcpy(&dhcp_rebinding_time, &offer_packet->options[x], + sizeof(dhcp_rebinding_time)); + dhcp_rebinding_time = ntohl(dhcp_rebinding_time); + } + + /* skip option data we're ignoring */ + else + for(y=0;yserver_address=source; + new_offer->offered_address=offer_packet->yiaddr; + new_offer->lease_time=dhcp_lease_time; + new_offer->renewal_time=dhcp_renewal_time; + new_offer->rebinding_time=dhcp_rebinding_time; + + + if (verbose) { + printf(_("Added offer from server @ %s"),inet_ntoa(new_offer->server_address)); + printf(_(" of IP address %s\n"),inet_ntoa(new_offer->offered_address)); + } + + /* add new offer to head of list */ + new_offer->next=dhcp_offer_list; + dhcp_offer_list=new_offer; + + return OK; + } + + +/* frees memory allocated to DHCP OFFER list */ +int free_dhcp_offer_list(void){ + dhcp_offer *this_offer; + dhcp_offer *next_offer; + + for(this_offer=dhcp_offer_list;this_offer!=NULL;this_offer=next_offer){ + next_offer=this_offer->next; + free(this_offer); + } + + return OK; + } + + +/* frees memory allocated to requested server list */ +int free_requested_server_list(void){ + requested_server *this_server; + requested_server *next_server; + + for(this_server=requested_server_list;this_server!=NULL;this_server=next_server){ + next_server=this_server->next; + free(this_server); + } + + return OK; + } + + +/* gets state and plugin output to return */ +int get_results(void){ + dhcp_offer *temp_offer; + requested_server *temp_server; + int result; + u_int32_t max_lease_time=0; + + received_requested_address=FALSE; + + /* checks responses from requested servers */ + requested_responses=0; + if(requested_servers>0){ + + for(temp_server=requested_server_list;temp_server!=NULL;temp_server=temp_server->next){ + + for(temp_offer=dhcp_offer_list;temp_offer!=NULL;temp_offer=temp_offer->next){ + + /* get max lease time we were offered */ + if(temp_offer->lease_time>max_lease_time || temp_offer->lease_time==DHCP_INFINITE_TIME) + max_lease_time=temp_offer->lease_time; + + /* see if we got the address we requested */ + if(!memcmp(&requested_address,&temp_offer->offered_address,sizeof(requested_address))) + received_requested_address=TRUE; + + /* see if the servers we wanted a response from talked to us or not */ + if(!memcmp(&temp_offer->server_address,&temp_server->server_address,sizeof(temp_server->server_address))){ + if (verbose) { + printf(_("DHCP Server Match: Offerer=%s"),inet_ntoa(temp_offer->server_address)); + printf(_(" Requested=%s\n"),inet_ntoa(temp_server->server_address)); + } + requested_responses++; + } + } + } + + } + + /* else check and see if we got our requested address from any server */ + else{ + + for(temp_offer=dhcp_offer_list;temp_offer!=NULL;temp_offer=temp_offer->next){ + + /* get max lease time we were offered */ + if(temp_offer->lease_time>max_lease_time || temp_offer->lease_time==DHCP_INFINITE_TIME) + max_lease_time=temp_offer->lease_time; + + /* see if we got the address we requested */ + if(!memcmp(&requested_address,&temp_offer->offered_address,sizeof(requested_address))) + received_requested_address=TRUE; + } + } + + result=STATE_OK; + if(valid_responses==0) + result=STATE_CRITICAL; + else if(requested_servers>0 && requested_responses==0) + result=STATE_CRITICAL; + else if(requested_responses0) + printf(_(", %s%d of %d requested servers responded"),((requested_responses0)?"only ":"",requested_responses,requested_servers); + + if(request_specific_address==TRUE) + printf(_(", requested address (%s) was %soffered"),inet_ntoa(requested_address),(received_requested_address==TRUE)?"":_("not ")); + + printf(_(", max lease time = ")); + if(max_lease_time==DHCP_INFINITE_TIME) + printf(_("Infinity")); + else + printf("%lu sec",(unsigned long)max_lease_time); + + printf(".\n"); + + return result; + } + + +/* process command-line arguments */ +int process_arguments(int argc, char **argv){ + int c; + + if(argc<1) + return ERROR; + + c=0; + while((c+=(call_getopt(argc-c,&argv[c])))0) + dhcpoffer_timeout=atoi(optarg); + /* + else + usage("Time interval must be a nonnegative integer\n"); + */ + break; + + case 'i': /* interface name */ + + strncpy(network_interface_name,optarg,sizeof(network_interface_name)-1); + network_interface_name[sizeof(network_interface_name)-1]='\x0'; + + break; + + case 'V': /* version */ + print_revision(progname,revision); + exit(STATE_OK); + + case 'h': /* help */ + print_help(); + exit(STATE_OK); + + case 'v': /* verbose */ + verbose=1; + break; + + case '?': /* help */ + usage2 (_("Unknown argument"), optarg); + break; + + default: + break; + } + } + + return i; + } + + +int validate_arguments(void){ + + return OK; + } + +#if defined(__sun__) || defined(__solaris__) || defined(__hpux__) + + /* Kompf 2000-2003 see ACKNOWLEDGEMENTS */ + +/* get a message from a stream; return type of message */ +static int get_msg(int fd) +{ + int flags = 0; + int res, ret; + ctl_area[0] = 0; + dat_area[0] = 0; + ret = 0; + res = getmsg(fd, &ctl, &dat, &flags); + + if(res < 0) { + if(errno == EINTR) { + return(GOT_INTR); + } else { + printf("%s\n", "get_msg FAILED."); + return(GOT_ERR); + } + } + if(ctl.len > 0) { + ret |= GOT_CTRL; + } + if(dat.len > 0) { + ret |= GOT_DATA; + } + return(ret); +} + +/* verify that dl_primitive in ctl_area = prim */ +static int check_ctrl(int prim) +{ + dl_error_ack_t *err_ack = (dl_error_ack_t *)ctl_area; + if(err_ack->dl_primitive != prim) { + printf(_("Error: DLPI stream API failed to get MAC in check_ctrl: %s.\n"), strerror(errno)); + exit(STATE_UNKNOWN); + } + return 0; +} + +/* put a control message on a stream */ +static int put_ctrl(int fd, int len, int pri) +{ + ctl.len = len; + if(putmsg(fd, &ctl, 0, pri) < 0) { + printf(_("Error: DLPI stream API failed to get MAC in put_ctrl/putmsg(): %s.\n"), strerror(errno)); + exit(STATE_UNKNOWN); + } + return 0; +} + +/* put a control + data message on a stream */ +static int put_both(int fd, int clen, int dlen, int pri) +{ + ctl.len = clen; + dat.len = dlen; + if(putmsg(fd, &ctl, &dat, pri) < 0) { + printf(_("Error: DLPI stream API failed to get MAC in put_both/putmsg().\n"), strerror(errno)); + exit(STATE_UNKNOWN); + } + return 0; +} + +/* open file descriptor and attach */ +static int dl_open(const char *dev, int unit, int *fd) +{ + dl_attach_req_t *attach_req = (dl_attach_req_t *)ctl_area; + if((*fd = open(dev, O_RDWR)) == -1) { + printf(_("Error: DLPI stream API failed to get MAC in dl_attach_req/open(%s..): %s.\n"), dev, strerror(errno)); + exit(STATE_UNKNOWN); + } + attach_req->dl_primitive = DL_ATTACH_REQ; + attach_req->dl_ppa = unit; + put_ctrl(*fd, sizeof(dl_attach_req_t), 0); + get_msg(*fd); + return check_ctrl(DL_OK_ACK); +} + +/* send DL_BIND_REQ */ +static int dl_bind(int fd, int sap, u_char *addr) +{ + dl_bind_req_t *bind_req = (dl_bind_req_t *)ctl_area; + dl_bind_ack_t *bind_ack = (dl_bind_ack_t *)ctl_area; + bind_req->dl_primitive = DL_BIND_REQ; + bind_req->dl_sap = sap; + bind_req->dl_max_conind = 1; + bind_req->dl_service_mode = DL_CLDLS; + bind_req->dl_conn_mgmt = 0; + bind_req->dl_xidtest_flg = 0; + put_ctrl(fd, sizeof(dl_bind_req_t), 0); + get_msg(fd); + if (GOT_ERR == check_ctrl(DL_BIND_ACK)) { + printf(_("Error: DLPI stream API failed to get MAC in dl_bind/check_ctrl(): %s.\n"), strerror(errno)); + exit(STATE_UNKNOWN); + } + bcopy((u_char *)bind_ack + bind_ack->dl_addr_offset, addr, + bind_ack->dl_addr_length); + return 0; +} + +/*********************************************************************** + * interface: + * function mac_addr_dlpi - get the mac address of the interface with + * type dev (eg lnc, hme) and unit (0, 1 ..) + * + * parameter: addr: an array of six bytes, has to be allocated by the caller + * + * return: 0 if OK, -1 if the address could not be determined + * + * + ***********************************************************************/ + +long mac_addr_dlpi( const char *dev, int unit, u_char *addr) { + + int fd; + u_char mac_addr[25]; + + if (GOT_ERR != dl_open(dev, unit, &fd)) { + if (GOT_ERR != dl_bind(fd, INSAP, mac_addr)) { + bcopy( mac_addr, addr, 6); + return 0; + } + } + close(fd); + return -1; +} + + /* Kompf 2000-2003 */ + +#endif + + +/* print usage help */ +void print_help(void){ + + print_revision(progname,revision); + + printf("Copyright (c) 2001-2004 Ethan Galstad (nagios@nagios.org)\n\n"); + printf (COPYRIGHT, copyright, email); + + printf(_("This plugin tests the availability of DHCP servers on a network.\n\n")); + + print_usage(); + + printf(_("\ + -s, --serverip=IPADDRESS\n\ + IP address of DHCP server that we must hear from\n\ + -r, --requestedip=IPADDRESS\n\ + IP address that should be offered by at least one DHCP server\n\ + -t, --timeout=INTEGER\n\ + Seconds to wait for DHCPOFFER before timeout occurs\n\ + -i, --interface=STRING\n\ + Interface to to use for listening (i.e. eth0)\n\ + -v, --verbose\n\ + Print extra information (command-line use only)\n\ + -h, --help\n\ + Print detailed help screen\n\ + -V, --version\n\ + Print version information\n")); +} + + +void print_usage(void) +{ + printf("\ +Usage: %s [-s serverip] [-r requestedip] [-t timeout] [-i interface]\n\ + [-v]",progname); +} + + + diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c new file mode 100644 index 0000000..2f03552 --- /dev/null +++ b/plugins-root/check_icmp.c @@ -0,0 +1,1199 @@ +/* + * $Id$ + * + * Author: Andreas Ericsson + * + * License: GNU GPL 2.0 or any later version. + * + * Relevant RFC's: 792 (ICMP), 791 (IP) + * + * This program was modeled somewhat after the check_icmp program, + * which was in turn a hack of fping (www.fping.org) but has been + * completely rewritten since to generate higher precision rta values, + * and support several different modes as well as setting ttl to control. + * redundant routes. The only remainders of fping is currently a few + * function names. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** sometimes undefined system macros (quite a few, actually) **/ +#ifndef MAXTTL +# define MAXTTL 255 +#endif +#ifndef INADDR_NONE +# define INADDR_NONE 0xffffffU +#endif + +#ifndef SOL_IP +#define SOL_IP 0 +#endif + +/* we bundle these in one #ifndef, since they're all from BSD + * Put individual #ifndef's around those that bother you */ +#ifndef ICMP_UNREACH_NET_UNKNOWN +# define ICMP_UNREACH_NET_UNKNOWN 6 +# define ICMP_UNREACH_HOST_UNKNOWN 7 +# define ICMP_UNREACH_ISOLATED 8 +# define ICMP_UNREACH_NET_PROHIB 9 +# define ICMP_UNREACH_HOST_PROHIB 10 +# define ICMP_UNREACH_TOSNET 11 +# define ICMP_UNREACH_TOSHOST 12 +#endif +/* tru64 has the ones above, but not these */ +#ifndef ICMP_UNREACH_FILTER_PROHIB +# define ICMP_UNREACH_FILTER_PROHIB 13 +# define ICMP_UNREACH_HOST_PRECEDENCE 14 +# define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 +#endif + + +/** typedefs and such **/ +enum states { + STATE_OK = 0, + STATE_WARNING, + STATE_CRITICAL, + STATE_UNKNOWN, + STATE_DEPENDENT, + STATE_OOB +}; + +typedef unsigned short range_t; /* type for get_range() -- unimplemented */ + +typedef struct rta_host { + unsigned short id; /* id in **table, and icmp pkts */ + char *name; /* arg used for adding this host */ + char *msg; /* icmp error message, if any */ + struct sockaddr_in saddr_in; /* the address of this host */ + struct in_addr error_addr; /* stores address of error replies */ + unsigned long long time_waited; /* total time waited, in usecs */ + unsigned int icmp_sent, icmp_recv, icmp_lost; /* counters */ + unsigned char icmp_type, icmp_code; /* type and code from errors */ + unsigned short flags; /* control/status flags */ + double rta; /* measured RTA */ + unsigned char pl; /* measured packet loss */ + struct rta_host *next; /* linked list */ +} rta_host; + +#define FLAG_LOST_CAUSE 0x01 /* decidedly dead target. */ + +/* threshold structure. all values are maximum allowed, exclusive */ +typedef struct threshold { + unsigned char pl; /* max allowed packet loss in percent */ + unsigned int rta; /* roundtrip time average, microseconds */ +} threshold; + +/* the data structure */ +typedef struct icmp_ping_data { + struct timeval stime; /* timestamp (saved in protocol struct as well) */ + unsigned short ping_id; +} icmp_ping_data; + +/* the different modes of this program are as follows: + * MODE_RTA: send all packets no matter what (mimic check_icmp and check_ping) + * MODE_HOSTCHECK: Return immediately upon any sign of life + * In addition, sends packets to ALL addresses assigned + * to this host (as returned by gethostbyname() or + * gethostbyaddr() and expects one host only to be checked at + * a time. Therefore, any packet response what so ever will + * count as a sign of life, even when received outside + * crit.rta limit. Do not misspell any additional IP's. + * MODE_ALL: Requires packets from ALL requested IP to return OK (default). + * MODE_ICMP: implement something similar to check_icmp (MODE_RTA without + * tcp and udp args does this) + */ +#define MODE_RTA 0 +#define MODE_HOSTCHECK 1 +#define MODE_ALL 2 +#define MODE_ICMP 3 + +/* the different ping types we can do + * TODO: investigate ARP ping as well */ +#define HAVE_ICMP 1 +#define HAVE_UDP 2 +#define HAVE_TCP 4 +#define HAVE_ARP 8 + +#define MIN_PING_DATA_SIZE sizeof(struct icmp_ping_data) +#define MAX_IP_PKT_SIZE 65536 /* (theoretical) max IP packet size */ +#define IP_HDR_SIZE 20 +#define MAX_PING_DATA (MAX_IP_PKT_SIZE - IP_HDR_SIZE - ICMP_MINLEN) +#define DEFAULT_PING_DATA_SIZE (MIN_PING_DATA_SIZE + 44) + +/* various target states */ +#define TSTATE_INACTIVE 0x01 /* don't ping this host anymore */ +#define TSTATE_WAITING 0x02 /* unanswered packets on the wire */ +#define TSTATE_ALIVE 0x04 /* target is alive (has answered something) */ +#define TSTATE_UNREACH 0x08 + +/** prototypes **/ +static void usage(unsigned char, char *); +static u_int get_timevar(const char *); +static u_int get_timevaldiff(struct timeval *, struct timeval *); +static int wait_for_reply(int, u_int); +static int recvfrom_wto(int, char *, unsigned int, struct sockaddr *, u_int *); +static int send_icmp_ping(int, struct rta_host *); +static int get_threshold(char *str, threshold *th); +static void run_checks(void); +static int add_target(char *); +static int add_target_ip(char *, struct in_addr *); +static int handle_random_icmp(struct icmp *, struct sockaddr_in *); +static unsigned short icmp_checksum(unsigned short *, int); +static void finish(int); +static void crash(const char *, ...); + +/** external **/ +extern int optind, opterr, optopt; +extern char *optarg; +extern char **environ; + +/** global variables **/ +static char *progname; +static struct rta_host **table, *cursor, *list; +static threshold crit = {80, 500000}, warn = {40, 200000}; +static int mode, protocols, sockets, debug = 0, timeout = 10; +static unsigned short icmp_pkt_size, icmp_data_size = DEFAULT_PING_DATA_SIZE; +static unsigned int icmp_sent = 0, icmp_recv = 0, icmp_lost = 0; +#define icmp_pkts_en_route (icmp_sent - (icmp_recv + icmp_lost)) +static unsigned short targets_down = 0, targets = 0, packets = 0; +#define targets_alive (targets - targets_down) +static unsigned int retry_interval, pkt_interval, target_interval; +static int icmp_sock, tcp_sock, udp_sock, status = STATE_OK; +static pid_t pid; +static struct timezone tz; +static struct timeval prog_start; +static unsigned long long max_completion_time = 0; +static unsigned char ttl = 0; /* outgoing ttl */ +static unsigned int warn_down = 1, crit_down = 1; /* host down threshold values */ +float pkt_backoff_factor = 1.5; +float target_backoff_factor = 1.5; + +/** code start **/ +static void +crash(const char *fmt, ...) +{ + va_list ap; + + printf("%s: ", progname); + + va_start(ap, fmt); + vprintf(fmt, ap); + va_end(ap); + + if(errno) printf(": %s", strerror(errno)); + puts(""); + + exit(3); +} + + +static char * +get_icmp_error_msg(unsigned char icmp_type, unsigned char icmp_code) +{ + char *msg = "unreachable"; + + if(debug > 1) printf("get_icmp_error_msg(%u, %u)\n", icmp_type, icmp_code); + switch(icmp_type) { + case ICMP_UNREACH: + switch(icmp_code) { + case ICMP_UNREACH_NET: msg = "Net unreachable"; break; + case ICMP_UNREACH_HOST: msg = "Host unreachable"; break; + case ICMP_UNREACH_PROTOCOL: msg = "Protocol unreachable (firewall?)"; break; + case ICMP_UNREACH_PORT: msg = "Port unreachable (firewall?)"; break; + case ICMP_UNREACH_NEEDFRAG: msg = "Fragmentation needed"; break; + case ICMP_UNREACH_SRCFAIL: msg = "Source route failed"; break; + case ICMP_UNREACH_ISOLATED: msg = "Source host isolated"; break; + case ICMP_UNREACH_NET_UNKNOWN: msg = "Unknown network"; break; + case ICMP_UNREACH_HOST_UNKNOWN: msg = "Unknown host"; break; + case ICMP_UNREACH_NET_PROHIB: msg = "Network denied (firewall?)"; break; + case ICMP_UNREACH_HOST_PROHIB: msg = "Host denied (firewall?)"; break; + case ICMP_UNREACH_TOSNET: msg = "Bad TOS for network (firewall?)"; break; + case ICMP_UNREACH_TOSHOST: msg = "Bad TOS for host (firewall?)"; break; + case ICMP_UNREACH_FILTER_PROHIB: msg = "Prohibited by filter (firewall)"; break; + case ICMP_UNREACH_HOST_PRECEDENCE: msg = "Host precedence violation"; break; + case ICMP_UNREACH_PRECEDENCE_CUTOFF: msg = "Precedence cutoff"; break; + default: msg = "Invalid code"; break; + } + break; + + case ICMP_TIMXCEED: + /* really 'out of reach', or non-existant host behind a router serving + * two different subnets */ + switch(icmp_code) { + case ICMP_TIMXCEED_INTRANS: msg = "Time to live exceeded in transit"; break; + case ICMP_TIMXCEED_REASS: msg = "Fragment reassembly time exceeded"; break; + default: msg = "Invalid code"; break; + } + break; + + case ICMP_SOURCEQUENCH: msg = "Transmitting too fast"; break; + case ICMP_REDIRECT: msg = "Redirect (change route)"; break; + case ICMP_PARAMPROB: msg = "Bad IP header (required option absent)"; break; + + /* the following aren't error messages, so ignore */ + case ICMP_TSTAMP: + case ICMP_TSTAMPREPLY: + case ICMP_IREQ: + case ICMP_IREQREPLY: + case ICMP_MASKREQ: + case ICMP_MASKREPLY: + default: msg = ""; break; + } + + return msg; +} + +static int +handle_random_icmp(struct icmp *p, struct sockaddr_in *addr) +{ + struct icmp *sent_icmp = NULL; + struct rta_host *host = NULL; + unsigned char *ptr; + + if(p->icmp_type == ICMP_ECHO && p->icmp_id == pid) { + /* echo request from us to us (pinging localhost) */ + return 0; + } + + ptr = (unsigned char *)p; + if(debug) printf("handle_random_icmp(%p, %p)\n", (void *)p, (void *)addr); + + /* only handle a few types, since others can't possibly be replies to + * us in a sane network (if it is anyway, it will be counted as lost + * at summary time, but not as quickly as a proper response */ + /* TIMXCEED can be an unreach from a router with multiple IP's which + * serves two different subnets on the same interface and a dead host + * on one net is pinged from the other. The router will respond to + * itself and thus set TTL=0 so as to not loop forever. Even when + * TIMXCEED actually sends a proper icmp response we will have passed + * too many hops to have a hope of reaching it later, in which case it + * indicates overconfidence in the network, poor routing or both. */ + if(p->icmp_type != ICMP_UNREACH && p->icmp_type != ICMP_TIMXCEED && + p->icmp_type != ICMP_SOURCEQUENCH && p->icmp_type != ICMP_PARAMPROB) + { + return 0; + } + + /* might be for us. At least it holds the original package (according + * to RFC 792). If it isn't, just ignore it */ + sent_icmp = (struct icmp *)(ptr + 28); + if(sent_icmp->icmp_type != ICMP_ECHO || sent_icmp->icmp_id != pid || + sent_icmp->icmp_seq >= targets) + { + if(debug) printf("Packet is no response to a packet we sent\n"); + return 0; + } + + /* it is indeed a response for us */ + host = table[sent_icmp->icmp_seq]; + if(debug) { + printf("Received \"%s\" from %s for ICMP ECHO sent to %s.\n", + get_icmp_error_msg(p->icmp_type, p->icmp_code), + inet_ntoa(addr->sin_addr), host->name); + } + + icmp_lost++; + host->icmp_lost++; + /* don't spend time on lost hosts any more */ + if(host->flags & FLAG_LOST_CAUSE) return 0; + + /* source quench means we're sending too fast, so increase the + * interval and mark this packet lost */ + if(p->icmp_type == ICMP_SOURCEQUENCH) { + pkt_interval *= pkt_backoff_factor; + target_interval *= target_backoff_factor; + } + else { + targets_down++; + host->flags |= FLAG_LOST_CAUSE; + } + host->icmp_type = p->icmp_type; + host->icmp_code = p->icmp_code; + host->error_addr.s_addr = addr->sin_addr.s_addr; + + return 0; +} + +int +main(int argc, char **argv) +{ + int i; + char *ptr; + long int arg; + int icmp_sockerrno, udp_sockerrno, tcp_sockerrno; + int result; + struct rta_host *host; + + /* we only need to be setsuid when we get the sockets, so do + * that before pointer magic (esp. on network data) */ + icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0; + + if((icmp_sock = socket(PF_INET, SOCK_RAW, IPPROTO_ICMP)) != -1) + sockets |= HAVE_ICMP; + else icmp_sockerrno = errno; + + /* if((udp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) != -1) */ + /* sockets |= HAVE_UDP; */ + /* else udp_sockerrno = errno; */ + + /* if((tcp_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) != -1) */ + /* sockets |= HAVE_TCP; */ + /* else tcp_sockerrno = errno; */ + + /* now drop privileges (no effect if not setsuid or geteuid() == 0) */ + setuid(getuid()); + + /* POSIXLY_CORRECT might break things, so unset it (the portable way) */ + environ = NULL; + + /* use the pid to mark packets as ours */ + pid = getpid(); + /* printf("pid = %u\n", pid); */ + + /* get calling name the old-fashioned way for portability instead + * of relying on the glibc-ism __progname */ + ptr = strrchr(argv[0], '/'); + if(ptr) progname = &ptr[1]; + else progname = argv[0]; + + /* now set defaults. Use progname to set them initially (allows for + * superfast check_host program when target host is up */ + cursor = list = NULL; + table = NULL; + + mode = MODE_RTA; + crit.rta = 500000; + crit.pl = 80; + warn.rta = 200000; + warn.pl = 40; + protocols = HAVE_ICMP | HAVE_UDP | HAVE_TCP; + pkt_interval = 80000; /* 80 msec packet interval by default */ + packets = 5; + + if(!strcmp(progname, "check_icmp") || !strcmp(progname, "check_ping")) { + mode = MODE_ICMP; + protocols = HAVE_ICMP; + } + else if(!strcmp(progname, "check_host")) { + mode = MODE_HOSTCHECK; + pkt_interval = 1000000; + packets = 5; + crit.rta = warn.rta = 1000000; + crit.pl = warn.pl = 100; + } + else if(!strcmp(progname, "check_rta_multi")) { + mode = MODE_ALL; + target_interval = 0; + pkt_interval = 50000; + packets = 5; + } + + /* parse the arguments */ + for(i = 1; i < argc; i++) { + while((arg = getopt(argc, argv, "vhVw:c:n:p:t:H:i:b:I:l:")) != EOF) { + switch(arg) { + case 'v': + debug++; + break; + case 'b': + /* silently ignored for now */ + break; + case 'i': + pkt_interval = get_timevar(optarg); + break; + case 'I': + target_interval = get_timevar(optarg); + break; + case 'w': + get_threshold(optarg, &warn); + break; + case 'c': + get_threshold(optarg, &crit); + break; + case 'n': + case 'p': + packets = strtoul(optarg, NULL, 0); + break; + case 't': + timeout = strtoul(optarg, NULL, 0); + if(!timeout) timeout = 10; + break; + case 'H': + add_target(optarg); + break; + case 'l': + ttl = (unsigned char)strtoul(optarg, NULL, 0); + break; + case 'd': /* implement later, for cluster checks */ + warn_down = (unsigned char)strtoul(optarg, &ptr, 0); + if(ptr) { + crit_down = (unsigned char)strtoul(ptr + 1, NULL, 0); + } + break; + case 'h': case 'V': default: + usage(arg, NULL); + break; + } + } + } + + argv = &argv[optind]; + while(*argv) { + add_target(*argv); + argv++; + } + if(!targets) { + errno = 0; + crash("No hosts to check"); + exit(3); + } + + if(!sockets) { + if(icmp_sock == -1) { + errno = icmp_sockerrno; + crash("Failed to obtain ICMP socket"); + return -1; + } + /* if(udp_sock == -1) { */ + /* errno = icmp_sockerrno; */ + /* crash("Failed to obtain UDP socket"); */ + /* return -1; */ + /* } */ + /* if(tcp_sock == -1) { */ + /* errno = icmp_sockerrno; */ + /* crash("Failed to obtain TCP socker"); */ + /* return -1; */ + /* } */ + } + if(!ttl) ttl = 64; + + if(icmp_sock) { + result = setsockopt(icmp_sock, SOL_IP, IP_TTL, &ttl, sizeof(ttl)); + if(debug) { + if(result == -1) printf("setsockopt failed\n"); + else printf("ttl set to %u\n", ttl); + } + } + + /* stupid users should be able to give whatever thresholds they want + * (nothing will break if they do), but some anal plugin maintainer + * will probably add some printf() thing here later, so it might be + * best to at least show them where to do it. ;) */ + if(warn.pl > crit.pl) warn.pl = crit.pl; + if(warn.rta > crit.rta) warn.rta = crit.rta; + if(warn_down > crit_down) crit_down = warn_down; + + signal(SIGINT, finish); + signal(SIGHUP, finish); + signal(SIGTERM, finish); + signal(SIGALRM, finish); + if(debug) printf("Setting alarm timeout to %u seconds\n", timeout); + alarm(timeout); + + /* make sure we don't wait any longer than necessary */ + gettimeofday(&prog_start, &tz); + max_completion_time = + ((targets * packets * pkt_interval) + (targets * target_interval)) + + (targets * packets * crit.rta) + crit.rta; + + if(debug) { + printf("packets: %u, targets: %u\n" + "target_interval: %0.3f, pkt_interval %0.3f\n" + "crit.rta: %0.3f\n" + "max_completion_time: %0.3f\n", + packets, targets, + (float)target_interval / 1000, (float)pkt_interval / 1000, + (float)crit.rta / 1000, + (float)max_completion_time / 1000); + } + + if(debug) { + if(max_completion_time > (u_int)timeout * 1000000) { + printf("max_completion_time: %llu timeout: %u\n", + max_completion_time, timeout); + printf("Timout must be at lest %llu\n", + max_completion_time / 1000000 + 1); + } + } + + icmp_pkt_size = icmp_data_size + ICMP_MINLEN; + if(debug > 2) printf("icmp_pkt_size = %u\n", icmp_pkt_size); + if(icmp_pkt_size < sizeof(struct icmp) + sizeof(struct icmp_ping_data)) { + icmp_pkt_size = sizeof(struct icmp) + sizeof(struct icmp_ping_data); + } + if(debug > 2) printf("icmp_pkt_size = %u\n", icmp_pkt_size); + + if(debug) { + printf("crit = {%u, %u%%}, warn = {%u, %u%%}\n", + crit.rta, crit.pl, warn.rta, warn.pl); + printf("pkt_interval: %u target_interval: %u retry_interval: %u\n", + pkt_interval, target_interval, retry_interval); + printf("icmp_pkt_size: %u timeout: %u\n", + icmp_pkt_size, timeout); + } + + if(packets > 20) { + errno = 0; + crash("packets is > 20 (%d)", packets); + } + + host = list; + table = malloc(sizeof(struct rta_host **) * (argc - 1)); + i = 0; + while(host) { + host->id = i; + table[i] = host; + host = host->next; + i++; + } + + run_checks(); + + errno = 0; + finish(0); + + return(0); +} + +static void +run_checks() +{ + u_int i, t, result; + u_int final_wait, time_passed; + + /* this loop might actually violate the pkt_interval or target_interval + * settings, but only if there aren't any packets on the wire which + * indicates that the target can handle an increased packet rate */ + for(i = 0; i < packets; i++) { + for(t = 0; t < targets; t++) { + /* don't send useless packets */ + if(!targets_alive) finish(0); + if(table[t]->flags & FLAG_LOST_CAUSE) { + if(debug) printf("%s is a lost cause. not sending any more\n", + table[t]->name); + continue; + } + + /* we're still in the game, so send next packet */ + (void)send_icmp_ping(icmp_sock, table[t]); + result = wait_for_reply(icmp_sock, target_interval); + } + result = wait_for_reply(icmp_sock, pkt_interval * targets); + } + + if(icmp_pkts_en_route && targets_alive) { + time_passed = get_timevaldiff(NULL, NULL); + final_wait = max_completion_time - time_passed; + + if(debug) { + printf("time_passed: %u final_wait: %u max_completion_time: %llu\n", + time_passed, final_wait, max_completion_time); + } + if(time_passed > max_completion_time) { + if(debug) printf("Time passed. Finishing up\n"); + finish(0); + } + + /* catch the packets that might come in within the timeframe, but + * haven't yet */ + if(debug) printf("Waiting for %u micro-seconds (%0.3f msecs)\n", + final_wait, (float)final_wait / 1000); + result = wait_for_reply(icmp_sock, final_wait); + } +} + +/* response structure: + * ip header : 20 bytes + * icmp header : 28 bytes + * icmp echo reply : the rest + */ +static int +wait_for_reply(int sock, u_int t) +{ + int n, hlen; + static char buf[4096]; + struct sockaddr_in resp_addr; + struct ip *ip; + struct icmp *icp, *sent_icmp; + struct rta_host *host; + struct icmp_ping_data *data; + struct timeval wait_start, now; + u_int tdiff, i, per_pkt_wait; + + /* if we can't listen or don't have anything to listen to, just return */ + if(!t || !icmp_pkts_en_route) return 0; + + gettimeofday(&wait_start, &tz); + + i = t; + per_pkt_wait = t / icmp_pkts_en_route; + while(icmp_pkts_en_route && get_timevaldiff(&wait_start, NULL) < i) { + t = per_pkt_wait; + + /* wrap up if all targets are declared dead */ + if(!targets_alive || + get_timevaldiff(&prog_start, NULL) >= max_completion_time || + (mode == MODE_HOSTCHECK && targets_down)) + { + finish(0); + } + + /* reap responses until we hit a timeout */ + n = recvfrom_wto(sock, buf, sizeof(buf), + (struct sockaddr *)&resp_addr, &t); + if(!n) { + if(debug > 1) { + printf("recvfrom_wto() timed out during a %u usecs wait\n", + per_pkt_wait); + } + continue; /* timeout for this one, so keep trying */ + } + if(n < 0) { + if(debug) printf("recvfrom_wto() returned errors\n"); + return n; + } + + ip = (struct ip *)buf; + if(debug > 1) printf("received %u bytes from %s\n", + ntohs(ip->ip_len), inet_ntoa(resp_addr.sin_addr)); + +/* obsolete. alpha on tru64 provides the necessary defines, but isn't broken */ +/* #if defined( __alpha__ ) && __STDC__ && !defined( __GLIBC__ ) */ + /* alpha headers are decidedly broken. Using an ansi compiler, + * they provide ip_vhl instead of ip_hl and ip_v, so we mask + * off the bottom 4 bits */ +/* hlen = (ip->ip_vhl & 0x0f) << 2; */ +/* #else */ + hlen = ip->ip_hl << 2; +/* #endif */ + + if(n < (hlen + ICMP_MINLEN)) { + crash("received packet too short for ICMP (%d bytes, expected %d) from %s\n", + n, hlen + icmp_pkt_size, inet_ntoa(resp_addr.sin_addr)); + } + /* else if(debug) { */ + /* printf("ip header size: %u, packet size: %u (expected %u, %u)\n", */ + /* hlen, ntohs(ip->ip_len) - hlen, */ + /* sizeof(struct ip), icmp_pkt_size); */ + /* } */ + + /* check the response */ + icp = (struct icmp *)(buf + hlen); + sent_icmp = (struct icmp *)(buf + hlen + ICMP_MINLEN); + /* printf("buf: %p, icp: %p, distance: %u (expected %u)\n", */ + /* buf, icp, */ + /* (u_int)icp - (u_int)buf, hlen); */ + /* printf("buf: %p, sent_icmp: %p, distance: %u (expected %u)\n", */ + /* buf, sent_icmp, */ + /* (u_int)sent_icmp - (u_int)buf, hlen + ICMP_MINLEN); */ + + if(icp->icmp_id != pid) { + handle_random_icmp(icp, &resp_addr); + continue; + } + + if(icp->icmp_type != ICMP_ECHOREPLY || icp->icmp_seq >= targets) { + if(debug > 2) printf("not a proper ICMP_ECHOREPLY\n"); + handle_random_icmp(icp, &resp_addr); + continue; + } + + /* this is indeed a valid response */ + data = (struct icmp_ping_data *)(icp->icmp_data); + + host = table[icp->icmp_seq]; + gettimeofday(&now, &tz); + tdiff = get_timevaldiff(&data->stime, &now); + + host->time_waited += tdiff; + host->icmp_recv++; + icmp_recv++; + + if(debug) { + printf("%0.3f ms rtt from %s, outgoing ttl: %u, incoming ttl: %u\n", + (float)tdiff / 1000, inet_ntoa(resp_addr.sin_addr), + ttl, ip->ip_ttl); + } + + /* if we're in hostcheck mode, exit with limited printouts */ + if(mode == MODE_HOSTCHECK) { + printf("OK - %s responds to ICMP. Packet %u, rta %0.3fms|" + "pkt=%u;;0;%u rta=%0.3f;%0.3f;%0.3f;;\n", + host->name, icmp_recv, (float)tdiff / 1000, + icmp_recv, packets, (float)tdiff / 1000, + (float)warn.rta / 1000, (float)crit.rta / 1000); + exit(STATE_OK); + } + } + + return 0; +} + +/* the ping functions */ +static int +send_icmp_ping(int sock, struct rta_host *host) +{ + static char *buf = NULL; /* re-use so we prevent leaks */ + long int len; + struct icmp *icp; + struct icmp_ping_data *data; + struct timeval tv; + struct sockaddr *addr; + + + if(sock == -1) { + errno = 0; + crash("Attempt to send on bogus socket"); + return -1; + } + addr = (struct sockaddr *)&host->saddr_in; + + if(!buf) { + buf = (char *)malloc(icmp_pkt_size + sizeof(struct ip)); + if(!buf) { + crash("send_icmp_ping(): failed to malloc %d bytes for send buffer", + icmp_pkt_size); + return -1; /* might be reached if we're in debug mode */ + } + } + memset(buf, 0, icmp_pkt_size + sizeof(struct ip)); + + if((gettimeofday(&tv, &tz)) == -1) return -1; + + icp = (struct icmp *)buf; + icp->icmp_type = ICMP_ECHO; + icp->icmp_code = 0; + icp->icmp_cksum = 0; + icp->icmp_id = pid; + icp->icmp_seq = host->id; + data = (struct icmp_ping_data *)icp->icmp_data; + data->ping_id = 10; /* host->icmp.icmp_sent; */ + memcpy(&data->stime, &tv, sizeof(struct timeval)); + icp->icmp_cksum = icmp_checksum((u_short *)icp, icmp_pkt_size); + + len = sendto(sock, buf, icmp_pkt_size, 0, (struct sockaddr *)addr, + sizeof(struct sockaddr)); + + if(len < 0 || (unsigned int)len != icmp_pkt_size) { + if(debug) printf("Failed to send ping to %s\n", + inet_ntoa(host->saddr_in.sin_addr)); + return -1; + } + + icmp_sent++; + host->icmp_sent++; + + return 0; +} + +static int +recvfrom_wto(int sock, char *buf, unsigned int len, struct sockaddr *saddr, + u_int *timo) +{ + u_int slen; + int n; + struct timeval to, then, now; + fd_set rd, wr; + + if(!*timo) { + if(debug) printf("*timo is not\n"); + return 0; + } + + to.tv_sec = *timo / 1000000; + to.tv_usec = (*timo - (to.tv_sec * 1000000)); + + FD_ZERO(&rd); + FD_ZERO(&wr); + FD_SET(sock, &rd); + errno = 0; + gettimeofday(&then, &tz); + n = select(sock + 1, &rd, &wr, NULL, &to); + if(n < 0) crash("select() in recvfrom_wto"); + gettimeofday(&now, &tz); + *timo = get_timevaldiff(&then, &now); + + if(!n) return 0; /* timeout */ + + slen = sizeof(struct sockaddr); + + return recvfrom(sock, buf, len, 0, saddr, &slen); +} + +static void +finish(int sig) +{ + u_int i = 0; + unsigned char pl; + double rta; + struct rta_host *host; + char *status_string[] = + {"OK", "WARNING", "CRITICAL", "UNKNOWN", "DEPENDENT"}; + + alarm(0); + if(debug > 1) printf("finish(%d) called\n", sig); + + if(icmp_sock != -1) close(icmp_sock); + if(udp_sock != -1) close(udp_sock); + if(tcp_sock != -1) close(tcp_sock); + + if(debug) { + printf("icmp_sent: %u icmp_recv: %u icmp_lost: %u\n", + icmp_sent, icmp_recv, icmp_lost); + printf("targets: %u targets_alive: %u\n", targets, targets_alive); + } + + /* iterate thrice to calculate values, give output, and print perfparse */ + host = list; + while(host) { + if(!host->icmp_recv) { + /* rta 0 is ofcourse not entirely correct, but will still show up + * conspicuosly as missing entries in perfparse and cacti */ + pl = 100; + rta = 0; + status = STATE_CRITICAL; + /* up the down counter if not already counted */ + if(!(host->flags & FLAG_LOST_CAUSE) && targets_alive) targets_down++; + } + else { + pl = ((host->icmp_sent - host->icmp_recv) * 100) / host->icmp_sent; + rta = (double)host->time_waited / host->icmp_recv; + } + host->pl = pl; + host->rta = rta; + if(!status && (pl >= warn.pl || rta >= warn.rta)) status = STATE_WARNING; + if(pl >= crit.pl || rta >= crit.rta) status = STATE_CRITICAL; + + host = host->next; + } + /* this is inevitable */ + if(!targets_alive) status = STATE_CRITICAL; + printf("%s - ", status_string[status]); + + host = list; + while(host) { + if(debug) puts(""); + if(i) { + if(i < targets) printf(" :: "); + else printf("\n"); + } + i++; + if(!host->icmp_recv) { + status = STATE_CRITICAL; + if(host->flags & FLAG_LOST_CAUSE) { + printf("%s: %s @ %s. rta nan, lost %d%%", + host->name, + get_icmp_error_msg(host->icmp_type, host->icmp_code), + inet_ntoa(host->error_addr), + 100); + } + else { /* not marked as lost cause, so we have no flags for it */ + printf("%s: rta nan, lost 100%%", host->name); + } + } + else { /* !icmp_recv */ + printf("%s: rta %0.3fms, lost %u%%", + host->name, host->rta / 1000, host->pl); + } + + host = host->next; + } + + /* iterate once more for pretty perfparse output */ + printf("|"); + i = 0; + host = list; + while(host) { + if(debug) puts(""); + printf("%srta=%0.3fms;%0.3f;%0.3f;0; %spl=%u%%;%u;%u;; ", + (targets > 1) ? host->name : "", + host->rta / 1000, (float)warn.rta / 1000, (float)crit.rta / 1000, + (targets > 1) ? host->name : "", + host->pl, warn.pl, crit.pl); + + host = host->next; + } + + /* finish with an empty line */ + puts(""); + if(debug) printf("targets: %u, targets_alive: %u\n", + targets, targets_alive); + + exit(status); +} + +static u_int +get_timevaldiff(struct timeval *early, struct timeval *later) +{ + u_int ret; + struct timeval now; + + if(!later) { + gettimeofday(&now, &tz); + later = &now; + } + if(!early) early = &prog_start; + + /* if early > later we return 0 so as to indicate a timeout */ + if(early->tv_sec > early->tv_sec || + (early->tv_sec == later->tv_sec && early->tv_usec > later->tv_usec)) + { + return 0; + } + + ret = (later->tv_sec - early->tv_sec) * 1000000; + ret += later->tv_usec - early->tv_usec; + + return ret; +} + +static int +add_target_ip(char *arg, struct in_addr *in) +{ + struct rta_host *host; + + /* disregard obviously stupid addresses */ + if(in->s_addr == INADDR_NONE || in->s_addr == INADDR_ANY) + return -1; + + /* no point in adding two identical IP's, so don't. ;) */ + host = list; + while(host) { + if(host->saddr_in.sin_addr.s_addr == in->s_addr) { + if(debug) printf("Identical IP already exists. Not adding %s\n", arg); + return -1; + } + host = host->next; + } + + /* add the fresh ip */ + host = malloc(sizeof(struct rta_host)); + if(!host) { + crash("add_target_ip(%s, %s): malloc(%d) failed", + arg, inet_ntoa(*in), sizeof(struct rta_host)); + } + memset(host, 0, sizeof(struct rta_host)); + + /* set the values. use calling name for output */ + host->name = strdup(arg); + + /* fill out the sockaddr_in struct */ + host->saddr_in.sin_family = AF_INET; + host->saddr_in.sin_addr.s_addr = in->s_addr; + + if(!list) list = cursor = host; + else cursor->next = host; + + cursor = host; + targets++; + + return 0; +} + +/* wrapper for add_target_ip */ +static int +add_target(char *arg) +{ + int i; + struct hostent *he; + struct in_addr *in, ip; + + /* don't resolve if we don't have to */ + if((ip.s_addr = inet_addr(arg)) != INADDR_NONE) { + /* don't add all ip's if we were given a specific one */ + return add_target_ip(arg, &ip); + /* he = gethostbyaddr((char *)in, sizeof(struct in_addr), AF_INET); */ + /* if(!he) return add_target_ip(arg, in); */ + } + else { + errno = 0; + he = gethostbyname(arg); + if(!he) { + errno = 0; + crash("Failed to resolve %s", arg); + return -1; + } + } + + /* possibly add all the IP's as targets */ + for(i = 0; he->h_addr_list[i]; i++) { + in = (struct in_addr *)he->h_addr_list[i]; + add_target_ip(arg, in); + + /* this is silly, but it works */ + if(mode == MODE_HOSTCHECK || mode == MODE_ALL) { + printf("mode: %d\n", mode); + continue; + } + break; + } + + return 0; +} +/* + * u = micro + * m = milli + * s = seconds + * return value is in microseconds + */ +static u_int +get_timevar(const char *str) +{ + char p, u, *ptr; + unsigned int len; + u_int i, d; /* integer and decimal, respectively */ + u_int factor = 1000; /* default to milliseconds */ + + if(!str) return 0; + len = strlen(str); + if(!len) return 0; + + /* unit might be given as ms|m (millisec), + * us|u (microsec) or just plain s, for seconds */ + u = p = '\0'; + u = str[len - 1]; + if(len >= 2 && !isdigit((int)str[len - 2])) p = str[len - 2]; + if(p && u == 's') u = p; + else if(!p) p = u; + if(debug > 2) printf("evaluating %s, u: %c, p: %c\n", str, u, p); + + if(u == 'u') factor = 1; /* microseconds */ + else if(u == 'm') factor = 1000; /* milliseconds */ + else if(u == 's') factor = 1000000; /* seconds */ + if(debug > 2) printf("factor is %u\n", factor); + + i = strtoul(str, &ptr, 0); + if(!ptr || *ptr != '.' || strlen(ptr) < 2 || factor == 1) + return i * factor; + + /* time specified in usecs can't have decimal points, so ignore them */ + if(factor == 1) return i; + + d = strtoul(ptr + 1, NULL, 0); + + /* d is decimal, so get rid of excess digits */ + while(d >= factor) d /= 10; + + /* the last parenthesis avoids floating point exceptions. */ + return ((i * factor) + (d * (factor / 10))); +} + +/* not too good at checking errors, but it'll do (main() should barfe on -1) */ +static int +get_threshold(char *str, threshold *th) +{ + char *p = NULL, i = 0; + + if(!str || !strlen(str) || !th) return -1; + + /* pointer magic slims code by 10 lines. i is bof-stop on stupid libc's */ + p = &str[strlen(str) - 1]; + while(p != &str[1]) { + if(*p == '%') *p = '\0'; + else if(*p == ',' && i) { + *p = '\0'; /* reset it so get_timevar(str) works nicely later */ + th->pl = (unsigned char)strtoul(p+1, NULL, 0); + break; + } + i = 1; + p--; + } + th->rta = get_timevar(str); + + if(!th->rta) return -1; + + if(th->rta > MAXTTL * 1000000) th->rta = MAXTTL * 1000000; + if(th->pl > 100) th->pl = 100; + + return 0; +} + +unsigned short +icmp_checksum(unsigned short *p, int n) +{ + register unsigned short cksum; + register long sum = 0; + + while(n > 1) { + sum += *p++; + n -= 2; + } + + /* mop up the occasional odd byte */ + if(n == 1) sum += (unsigned char)*p; + + sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ + sum += (sum >> 16); /* add carry */ + cksum = ~sum; /* ones-complement, trunc to 16 bits */ + + return cksum; +} + +/* make core plugin developers happy (silly, really) */ +static void +usage(unsigned char arg, char *msg) +{ + if(msg) printf("%s: %s\n", progname, msg); + + if(arg == 'V') { + printf("$Id$\n"); + exit(STATE_UNKNOWN); + } + + printf("Usage: %s [options] [-H] host1 host2 hostn\n\n", progname); + + if(arg != 'h') exit(3); + + printf("Where options are any combination of:\n" + " * -H | --host specify a target\n" + " * -w | --warn warning threshold (currently %0.3fms,%u%%)\n" + " * -c | --crit critical threshold (currently %0.3fms,%u%%)\n" + " * -n | --packets number of packets to send (currently %u)\n" + " * -i | --interval max packet interval (currently %0.3fms)\n" + " * -I | --hostint max target interval (currently %0.3fms)\n" + " * -l | --ttl TTL on outgoing packets (currently %u)\n" + " * -t | --timeout timeout value (seconds, currently %u)\n" + " * -b | --bytes icmp packet size (currenly ignored)\n" + " -v | --verbose verbosity++\n" + " -h | --help this cruft\n", + (float)warn.rta / 1000, warn.pl, (float)crit.rta / 1000, crit.pl, + packets, + (float)pkt_interval / 1000, (float)target_interval / 1000, + ttl, timeout); + + puts("\nThe -H switch is optional. Naming a host (or several) to check is not.\n\n" + "Threshold format for -w and -c is 200.25,60% for 200.25 msec RTA and 60%\n" + "packet loss. The default values should work well for most users.\n" + "You can specify different RTA factors using the standardized abbreviations\n" + "us (microseconds), ms (milliseconds, default) or just plain s for seconds.\n\n" + "Threshold format for -d is warn,crit. 12,14 means WARNING if >= 12 hops\n" + "are spent and CRITICAL if >= 14 hops are spent.\n" + "NOTE: Some systems decrease TTL when forming ICMP_ECHOREPLY, others do not.\n\n" + "The -v switch can be specified several times for increased verbosity.\n\n" + "Long options are currently unsupported.\n\n" + "Options marked with * require an argument\n"); + + puts("The latest version of this plugin can be found at http://oss.op5.se/nagios\n" + "or https://devel.op5.se/oss until the day it is included in the official\n" + "plugin distribution.\n"); + + exit(3); +} diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 1e19bc7..6b7de7e 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -10,11 +10,11 @@ DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@ MATHLIBS = @MATHLIBS@ -libexec_PROGRAMS = check_dhcp check_disk check_dummy check_http check_load \ +libexec_PROGRAMS = check_disk check_dummy check_http check_load \ check_mrtg check_mrtgtraf check_nwstat check_overcr check_ping \ check_real check_smtp check_ssh check_tcp check_time \ - check_udp check_ups check_users negate urlize \ - check_icmp @EXTRAS@ + check_udp check_ups check_users negate \ + urlize @EXTRAS@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \ check_udp2 @check_tcp_ssl@ @@ -45,7 +45,6 @@ AM_INSTALL_PROGRAM_FLAGS = @INSTALL_OPTS@ ############################################################################## # the actual targets -check_dhcp_LDADD = $(NETLIBS) check_dig_LDADD = $(NETLIBS) popen.o check_disk_LDADD = $(BASEOBJS) popen.o check_dns_LDADD = $(NETLIBS) popen.o @@ -54,7 +53,6 @@ check_fping_LDADD = $(NETLIBS) popen.o check_game_LDADD = $(BASEOBJS) popen.o check_http_LDADD = $(NETLIBS) $(SSLLIBS) check_hpjd_LDADD = $(NETLIBS) popen.o -check_icmp_LDADD = $(SOCKETLIBS) check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS) check_load_LDADD = $(BASEOBJS) popen.o check_mrtg_LDADD = $(BASEOBJS) @@ -83,7 +81,6 @@ check_ide_smart_LDADD = $(BASEOBJS) negate_LDADD = $(BASEOBJS) popen.o urlize_LDADD = $(BASEOBJS) popen.o -check_dhcp_DEPENDENCIES = check_dhcp.c $(NETOBJS) $(DEPLIBS) check_dig_DEPENDENCIES = check_dig.c $(NETOBJS) popen.o $(DEPLIBS) check_disk_DEPENDENCIES = check_disk.c $(BASEOBJS) popen.o $(DEPLIBS) check_dns_DEPENDENCIES = check_dns.c $(NETOBJS) popen.o $(DEPLIBS) @@ -92,7 +89,6 @@ check_fping_DEPENDENCIES = check_fping.c $(NETOBJS) popen.o $(DEPLIBS) check_game_DEPENDENCIES = check_game.c $(DEPLIBS) check_http_DEPENDENCIES = check_http.c $(NETOBJS) $(DEPLIBS) check_hpjd_DEPENDENCIES = check_hpjd.c $(NETOBJS) popen.o $(DEPLIBS) -check_icmp_DEPENDENCIES = check_icmp.c check_ide_smart_DEPENDENCIES = check_ide_smart.c $(BASEOBJS) $(DEPLIBS) check_ldap_DEPENDENCIES = check_ldap.c $(NETOBJS) $(DEPLIBS) check_load_DEPENDENCIES = check_load.c $(BASEOBJS) popen.o $(DEPLIBS)